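<?php
// Registration page bootstrap: starts the session, loads the shared helpers
// and opens the database connection used by the handlers further down.
//
// The full "<?php" tag is used instead of the short "<?" form. Short tags only
// work when short_open_tag is enabled; with it disabled the interpreter skips
// this file and the web server sends the source out as plain text.

// Page title. Presumably read by includes/header.php, which is not shown here.
$pagename = "Register at Our Site";

// Must run before any output is sent.
session_start();

// $site configuration array plus the general and captcha helper functions.
require("includes/variables.php");
require("includes/functions_general.php");
require("includes/functions_captcha.php");

// Credentials come from the $site array loaded above.
mysqlconnect($site['mysql_user'], $site['mysql_password'], $site['mysql_db']);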

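// Decide which handler runs. A non-empty POSTed "action" wins; otherwise the
// query string is used (the activation link that is e-mailed arrives as a GET).
// isset() guards keep a missing parameter from raising an "undefined index"
// notice, which would print the script path into the page when display_errors
// is on. A missing value is still handed to cleanup() as null, as before.
if (isset($_POST['action']) && $_POST['action'] != "") {
	$action = cleanup($_POST['action']);
} else {
	$action = cleanup(isset($_GET['action']) ? $_GET['action'] : null);
}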


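// Read every form field through cleanup() (includes/functions_general.php,
// not shown). Each lookup is guarded with isset() so an absent field no longer
// raises an "undefined index" notice; an absent field is passed on as null,
// which is what the unguarded lookup produced.
//
// NOTE(review): these values are later concatenated into SQL strings, so
// cleanup() is the only barrier between request data and the queries. Confirm
// that it escapes for MySQL string literals.
$firstname = cleanup(isset($_POST['firstname']) ? $_POST['firstname'] : null);
$lastname = cleanup(isset($_POST['lastname']) ? $_POST['lastname'] : null);
$email = cleanup(isset($_POST['email']) ? $_POST['email'] : null);
$email_retype = cleanup(isset($_POST['email_retype']) ? $_POST['email_retype'] : null);

// NOTE(review): passwords go through cleanup() as well. If that helper strips
// or rewrites characters, the stored password differs from what the user
// typed; verify that the login code applies the same transformation.
$password = cleanup(isset($_POST['password']) ? $_POST['password'] : null);
$password_retype = cleanup(isset($_POST['password_retype']) ? $_POST['password_retype'] : null);

// Activation code from the e-mailed link (query string only).
$activate = cleanup(isset($_GET['activate']) ? $_GET['activate'] : null);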


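// HTML shown to the visitor. Initialised here because every branch below
// appends to it with ".=".
$output = "";

switch ($action) {

	// Handle a submitted registration form.
	case "register":

		// Validation failures are collected as <li> items; an empty string
		// means the submission passed. (This was "==", a comparison that
		// assigned nothing and left the variable undefined.)
		$errorcheck = "";

		// captcha test
		$captcha = cleanup(isset($_POST['captcha']) ? $_POST['captcha'] : null);
		if (!checkAnswer($captcha)) {
			$errorcheck .= "<li>You supplied an incorrect value for the captcha field.</li>";
		}

		if ($firstname == "") $errorcheck .= "<li>You left the first name blank</li>";
		if ($lastname == "") $errorcheck .= "<li>You left the last name blank</li>";
		if ($email == "") $errorcheck .= "<li>You left the e-mail field blank</li>";
		if ($email_retype == "") $errorcheck .= "<li>You ned to retype your e-mail address</li>";

		if (!is_valid_email_address($email)) {
			$errorcheck .= "<li>Invalid e-mail address</li>";
		}

		if ($password == "") $errorcheck .= "<li>You left the password field blank</li>";
		if ($password_retype == "") $errorcheck .= "<li>You ned to retype your password</li>";
		if ($email != $email_retype) $errorcheck .= "<li>Your e-mail address does not match the retyped one</li>";
		if ($password != $password_retype) $errorcheck .= "<li>Your password does not match the retyped one</li>";

		// Duplicate check.
		// NOTE(review): $email is concatenated into the statement here and in
		// the queries below. The only protection is whatever cleanup() does;
		// confirm it escapes for MySQL, or move these queries to a driver
		// that supports bound parameters.
		// NOTE(review): the message below confirms to any visitor whether an
		// address is registered.
		$sql = mysql_query("select u_id from users where u_email = '".$email."'");
		if ($sql === false) {
			// Fail closed: without a working lookup the insert must not run.
			error_log("registration: duplicate e-mail lookup failed: ".mysql_error());
			$errorcheck .= "<li>We could not verify your e-mail address right now. Please try again later.</li>";
		} elseif ($result = mysql_fetch_array($sql)) {
			$errorcheck .= "<li>This e-mail address already exists in our system.</li>";
		}

		if ($errorcheck != "") {

			// Re-display the form with the list of problems.
			include("includes/header.php");
			echo "<strong>There were errors with your registration:</strong>";
			echo "<ul>".$errorcheck."</ul>";
			include("includes/inc_form_registration.php");
			include("includes/footer.php");

		} else {

			// Activation code: 128 bits from a CSPRNG, hex-encoded to the same
			// 32 characters md5() produced, so the column needs no change.
			// The previous md5(time()) could be reproduced by anyone who knew
			// roughly when the account was created.
			$randombytes = false;
			if (function_exists('random_bytes')) {
				$randombytes = random_bytes(16);
			} elseif (function_exists('openssl_random_pseudo_bytes')) {
				$randombytes = openssl_random_pseudo_bytes(16);
			}
			if (is_string($randombytes) && strlen($randombytes) == 16) {
				$activationcode = bin2hex($randombytes);
			} else {
				// Last resort on hosts with no CSPRNG available. Still not
				// cryptographically strong; such hosts should enable OpenSSL.
				$activationcode = md5(uniqid(mt_rand(), true));
			}

			// u_activated holds the activation code until the account is
			// confirmed; the "confirm" branch then overwrites it with '1'.
			// NOTE(review): password() is MySQL's own account-hashing function
			// and is not meant for application passwords (unsalted, fast, and
			// removed in MySQL 8.0). It is left in place because the login
			// code, not shown here, has to compare against the same format.
			$sql = "insert into users (u_id, u_email, u_firstname, u_lastname, u_password, u_activated) values ('', '".$email."', '".$firstname."', '".$lastname."', password('".$password."'), '".$activationcode."')";
			if ($result = mysql_query($sql)) {
				// success
				$output .= "<p>Your registration has been received. Please check your e-mail for a message from us to confirm your registration. This step is required for activating your account.</p>";

				// NOTE(review): the link host is taken from the request's Host
				// header, which the client controls. Prefer a hostname taken
				// from site configuration.
				$subject = "ACTIVATE your account";
				$messagetext = "Thank you for registering with us Please take a moment to activate your account you can gain access to special features. If you cannot click the link below, please copy and paste this URL in your browser's addres bar: \n\n";
				$messagetext .= "http://".$_SERVER["HTTP_HOST"]."/register.php?action=confirm&activate=".$activationcode."\n\n";
				$messagetext .= "Warmest regards,\n";
				$messagetext .= "Our Site Name";

				// NOTE(review): SendMail() is defined elsewhere; confirm it
				// rejects CR/LF in the name and address arguments.
				SendMail($site['contact-name'], $site['contact-email'], $firstname." ".$lastname, $email, $subject, $messagetext);

			} else {
				// Database error text goes to the server log, not to the page.
				error_log("registration: user insert failed: ".mysql_error());
				$output .= "<p>An error occurred while trying to initiate your registration. Please try again later.</p>";
			}

			// Look the new row up again to obtain its id.
			$sql = mysql_query("select u_id from users where u_email = '".$email."' && u_firstname = '".$firstname."' && u_lastname = '".$lastname."'");
			if ($sql !== false && ($result = mysql_fetch_array($sql))) {
				$userid = $result['u_id'];
			} else {
				error_log("registration: user id lookup failed: ".mysql_error());
				$output .= "<p>An error occurred while trying to process your user id. Please try again later.</p>";
			}

			// NOTE(review): this heading is printed even when the insert above
			// failed and no mail was sent.
			include("includes/header.php");
			echo "<h1>Registration: your activation link has been mailed to you</h1>";
			echo $output;
			include("includes/footer.php");

		}
	break;

	// confirm registration
	case "confirm":

		// Only a well-formed code (32 lowercase hex characters) is looked up.
		// This keeps anything else out of the query and stops the literal '1',
		// which marks accounts that are already active, from matching.
		$result = false;
		if (is_string($activate) && preg_match('/^[0-9a-f]{32}\z/', $activate)) {
			$sql = mysql_query("select u_id from users where u_activated = '".$activate."'");
			if ($sql === false) {
				error_log("registration: activation lookup failed: ".mysql_error());
			} else {
				$result = mysql_fetch_array($sql);
			}
		}

		if ($result) {

			// Mark the account active; this also consumes the one-time code.
			$u_id = $result['u_id'];
			$sql2 = "update users set u_activated='1' where u_id = '".$u_id."'";
			if ($result2 = mysql_query($sql2)) {
				$output .= "<p>Your account has been activated. You may now <a href='/login.php'>log in</a>.</p>";
			} else {
				error_log("registration: activation update failed: ".mysql_error());
				$output .= "<p><strong>An error has occurred while trying to activate your account.</strong> Please try again later.</p>";
			}

		} else {
			$output .= "<p><strong>Invalid activation code.</strong> This account may have already been activated. Try logging in.</p>";
		}

		include("includes/header.php");
		echo "<h1>Account activation</h1>";
		echo $output;
		include("includes/footer.php");
	break;

	// default landing page
	default:

		include("includes/header.php");
		include("includes/inc_form_registration.php");
		include("includes/footer.php");

	break;
}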

?>